[nsp] Suggestions on tracking down bandwidth offenders
Olav Langeland
Olav.Langeland at activeisp.com
Thu Jul 15 03:00:42 EDT 2004
> -----Original Message-----
> From: Tony Mucker [mailto:Tony at tonymucker.com]
> Sent: 14. juli 2004 19:24
> To: cisco-nsp at puck.nether.net
> Subject: [nsp] Suggestions on tracking down bandwidth offenders
>
> I've got a bandwidth problem (who doesn't). Something has been
> saturating my poor little T1 for 24 hours straight now. For those of
> you curious, here's what it looks like:
>
> http://www .ghideon.com/router-day.png
>
> Remove the white space and enjoy. In the past I've used ethereal
> dumps
> to figure out who the big talkers were, but frankly it takes too long
> to
> crunch all the packets. I've also tried etherApe, but the analysis
> makes my poor little laptop crawl. Are there any tools out there that
> will speed this up? Possibly by looking at the firewall logs?
One way is http://www.ntop.org which is a good tool to have in any case,
it can show toptalkers by IP and broken down in protocol etc. Install it
on a *NIX/Windows machine and either port monitor/SPAN the router
switchport or use netflow from the router and fire it up.
Or you can get some IP accounting package running, these are just some
grabbed from freshmeat.net:
http://freshmeat.net/projects/ipacco/
http://ipac-ng.sourceforge.net/
http://freshmeat.net/projects/ipstat/
Or get MRTG/Cacti/RTG in there and monitor all your switchports, with a
nice overview picture of all the graphs you can easily spot the main
offender.
Good luck :)
Regards
Olav Andreas Langeland
More information about the cisco-nsp
mailing list